A. Yes, you can enable encryption when you create a new EBS volume using the AWS Management Console, API, or CLI.
B. No, you should use a third-party software to perform raw block-level encryption of an EBS volume.
C. Yes, but you must use a third-party API for encrypting data before it’s loaded on EBS.
D. Yes, you can encrypt with the special “ebs_encrypt” command through Amazon APIs.

Answer: A
Explanation: With Amazon EBS encryption, you can now create an encrypted EBS volume and attach it to a supported instance type. Data on the volume, disk I/O, and snapshots created from the volume are then all encrypted. The encryption occurs on the servers that host the EC2 instances, providing encryption of data as it moves between EC2 instances and EBS storage. EBS encryption is based on the industry standard AES-256 cryptographic algorithm. To get started, simply enable encryption when you create a new EBS volume using the AWS Management Console, API, or CLI. Amazon EBS encryption is available for all the latest EC2 instances in all commercially available AWS regions.
Reference: https://aws.amazon.com/about-aws/whats-new/2014/05/21/Amazon-EBS-encryption-now-available/

QUESTION 653
A user has created an ELB with Auto Scaling. Which of the below mentioned offerings from ELB helps the user to stop sending new request traffic from the load balancer to the EC2 instance when the instance is being deregistered while continuing in-flight requests?

QUESTION 655
A user is running a webserver on EC2. The user wants to receive an SMS when the EC2 instance utilization is above the threshold limit. Which AWS services should the user configure in this case?

Answer: B
Explanation: Amazon SNS makes it simple and cost-effective to push to mobile devices, such as iPhone, iPad, Android, Kindle Fire, and internet connected smart devices, as well as pushing to other distributed services. In this case, the user can configure CloudWatch to send an alarm to SNS when the threshold is crossed, which will trigger an SMS.
Reference: http://aws.amazon.com/sns/

QUESTION 656
Just when you thought you knew every possible storage option on AWS, you hear someone mention Reduced Redundancy Storage (RRS) within Amazon S3. What is the ideal scenario to use Reduced Redundancy Storage (RRS)?

Answer: C
Explanation: Reduced Redundancy Storage (RRS) is a new storage option within Amazon S3 that enables customers to reduce their costs by storing non-critical, reproducible data at lower levels of redundancy than Amazon S3’s standard storage. RRS provides a lower cost, less durable, highly available storage option that is designed to sustain the loss of data in a single facility. RRS is ideal for non-critical or reproducible data. For example, RRS is a cost-effective solution for sharing media content that is durably stored elsewhere. RRS also makes sense if you are storing thumbnails and other resized images that can be easily reproduced from an original image.
Reference: https://aws.amazon.com/s3/faqs/

QUESTION 657
A user is making a scalable web application with compartmentalization. The user wants the log module to be able to be accessed by all the application functionalities in an asynchronous way. Each module of the application sends data to the log module, and based on the resource availability it will process the logs. Which AWS service helps this functionality?

Answer: A
Explanation: Amazon Simple Queue Service (SQS) is a highly reliable distributed messaging system for storing messages as they travel between computers. By using Amazon SQS, developers can simply move data between distributed application components. It is used to achieve compartmentalization or loose coupling. In this case all the modules will send a message to the logger queue and the data will be processed by the queue as per the resource availability.
Reference: http://media.amazonwebservices.com/AWS_Building_Fault_Tolerant_Applications.pdf

QUESTION 658
You have some very sensitive data stored on AWS S3 and want to try every possible alternative to keeping it secure in regards to access control. What are the mechanisms available for access control on AWS S3?

Answer: A
Explanation: Amazon S3 supports several mechanisms that give you flexibility to control who can access your data as well as how, when, and where they can access it. Amazon S3 provides four different access control mechanisms: AWS Identity and Access Management (IAM) policies, Access Control Lists (ACLs), bucket policies, and query string authentication. IAM enables organizations to create and manage multiple users under a single AWS account. With IAM policies, you can grant IAM users fine-grained control to your Amazon S3 bucket or objects. You can use ACLs to selectively add (grant) certain permissions on individual objects. Amazon S3 bucket policies can be used to add or deny permissions across some or all of the objects within a single bucket. With query string authentication, you have the ability to share Amazon S3 objects through URLs that are valid for a specified period of time.

QUESTION 659
Your manager has come to you saying that he is very confused about the bills he is receiving from AWS as he is getting different bills for every user and needs you to look into making it more understandable. Which of the following would be the best solution to meet his request?

Answer: B
Explanation: Consolidated Billing enables you to consolidate payment for multiple AWS accounts within your company by designating a single paying account. Consolidated Billing enables you to see a combined view of AWS costs incurred by all accounts, as well as obtain a detailed cost report for each of the individual AWS accounts associated with your “Paying Account”. Consolidated Billing is offered at no additional charge.
Reference: https://aws.amazon.com/billing/faqs/

QUESTION 660
A user is planning to host a mobile game on EC2 which sends notifications to active users on either high score or the addition of new features. The user should get this notification when he is online on his mobile device. Which of the below mentioned AWS services can help achieve this functionality?

Answer: A
Explanation: Amazon Simple Notification Service (Amazon SNS) is a fast, flexible, and fully managed push messaging service. Amazon SNS makes it simple and cost-effective to push to mobile devices, such as iPhone, iPad, Android, Kindle Fire, and internet connected smart devices, as well as pushing to other distributed services.
Reference: http://aws.amazon.com/sns

QUESTION 661
Which one of the following can’t be used as an origin server with Amazon CloudFront?

QUESTION 662
You have written a CloudFormation template that creates 1 Elastic Load Balancer fronting 2 EC2 Instances. Which section of the template should you edit so that the DNS of the load balancer is returned upon creation of the stack?

QUESTION 663
You have been asked to set up a database in AWS that will require frequent and granular updates. You know that you will require a reasonable amount of storage space but are not sure of the best option. What is the recommended storage option when you run a database on an instance with the above criteria?

A. Amazon S3
B. Amazon EBS
C. AWS Storage Gateway
D. Amazon Glacier

Answer: B
Explanation: Amazon EBS provides durable, block-level storage volumes that you can attach to a running Amazon EC2 instance. You can use Amazon EBS as a primary storage device for data that requires frequent and granular updates. For example, Amazon EBS is the recommended storage option when you run a database on an instance.
Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Storage.html

QUESTION 664
You have been asked to set up monitoring of your network and you have decided that CloudWatch would be the best service to use. Amazon CloudWatch monitors your Amazon Web Services (AWS) resources and the applications you run on AWS in real-time. You can use CloudWatch to collect and track metrics, which are the variables you want to measure for your resources and applications. Which of the following items listed can AWS CloudWatch monitor?

Answer: B
Explanation: Amazon CloudWatch can monitor AWS resources such as Amazon EC2 instances, Amazon DynamoDB tables, and Amazon RDS DB instances, as well as custom metrics generated by your applications and services, and any log files your applications generate. You can use Amazon CloudWatch to gain system-wide visibility into resource utilization, application performance, and operational health. You can use these insights to react and keep your application running smoothly.
Reference: http://aws.amazon.com/cloudwatch/

QUESTION 665
A user has hosted an application on EC2 instances. The EC2 instances are configured with ELB and Auto Scaling. The application server session time out is 2 hours. The user wants to configure connection draining to ensure that all in-flight requests are supported by ELB even though the instance is being deregistered. What time out period should the user specify for connection draining?

A. 1 hour
B. 30 minutes
C. 5 minutes
D. 2 hours

Answer: A
Explanation: The Elastic Load Balancer connection draining feature causes the load balancer to stop sending new requests to the back-end instances when the instances are deregistering or become unhealthy, while ensuring that in-flight requests continue to be served. The user can specify a maximum time of 3600 seconds (1 hour) for the load balancer to keep the connections alive before reporting the instance as deregistered. If the user does not specify the maximum timeout period, by default, the load balancer will close the connections to the deregistering instance after 300 seconds.
Reference: http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/config-conn-drain.html

QUESTION 666
How can you apply more than 100 rules to an Amazon EC2-Classic?

A. By adding more security groups
B. You need to create a default security group specifying your required rules if you need to use more than 100 rules per security group.
C. By default the Amazon EC2 security groups support 500 rules.
D. You can’t add more than 100 rules to security groups for an Amazon EC2 instance.

QUESTION 667
You need to quickly set up an email-sending service because a client needs to start using it in the next hour. Amazon Simple Email Service (Amazon SES) seems to be the logical choice but there are several options available to set it up. Which of the following options to set up SES would best meet the needs of the client?

Answer: A
Explanation: Amazon SES is an outbound-only email-sending service that provides an easy, cost-effective way for you to send email. There are several ways that you can send an email by using Amazon SES. You can use the Amazon SES console, the Simple Mail Transfer Protocol (SMTP) interface, or you can call the Amazon SES API. Amazon SES console: This method is the quickest way to set up your system.
Reference: http://docs.aws.amazon.com/ses/latest/DeveloperGuide/Welcome.html

A. Pay for the instances that you use by the hour, with no long-term commitments or up-front payments.
B. Make a low, one-time, up-front payment for an instance, reserve it for a one- or three-year term, and pay a significantly lower hourly rate for these instances.
C. Pay for the instances that you use by the hour, with long-term commitments or up-front payments.
D. Make a high, one-time, all-front payment for an instance, reserve it for a one- or three-year term, and pay a significantly higher hourly rate for these instances.

QUESTION 669
Which of the following statements is NOT true about using Elastic IP Address (EIP) in EC2-Classic and EC2-VPC platforms?

A. In the EC2-VPC platform, the Elastic IP Address (EIP) does not remain associated with the instance when you stop it.
B. In the EC2-Classic platform, stopping the instance disassociates the Elastic IP Address (EIP) from it.
C. In the EC2-VPC platform, if you have attached a second network interface to an instance, when you disassociate the Elastic IP Address (EIP) from that instance, a new public IP address is not assigned to the instance automatically; you’ll have to associate an EIP with it manually.
D. In the EC2-Classic platform, if you disassociate an Elastic IP Address (EIP) from the instance, the instance is automatically assigned a new public IP address within a few minutes.

Answer: A
Explanation: In the EC2-Classic platform, when you associate an Elastic IP Address (EIP) with an instance, the instance’s current public IP address is released to the EC2-Classic public IP address pool. If you disassociate an EIP from the instance, the instance is automatically assigned a new public IP address within a few minutes. In addition, stopping the instance also disassociates the EIP from it. But in the EC2-VPC platform, when you associate an EIP with an instance in a default Virtual Private Cloud (VPC), or an instance in which you assigned a public IP to the eth0 network interface during launch, its current public IP address is released to the EC2-VPC public IP address pool. If you disassociate an EIP from the instance, the instance is automatically assigned a new public IP address within a few minutes. However, if you have attached a second network interface to the instance, the instance is not automatically assigned a new public IP address; you’ll have to associate an EIP with it manually. The EIP remains associated with the instance when you stop it.
Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html

QUESTION 670
You have a Business support plan with AWS. One of your EC2 instances is running Microsoft Windows Server 2008 R2 and you are having problems with the software. Can you receive support from AWS for this software?

A. Yes
B. No, AWS does not support any third-party software.
C. No, Microsoft Windows Server 2008 R2 is not supported.
D. No, you need to be on the enterprise support plan.

Answer: A
Explanation: Third-party software support is available only to AWS Support customers enrolled for Business or Enterprise Support. Third-party support applies only to software running on Amazon EC2 and does not extend to assisting with on-premises software. An exception to this is a VPN tunnel configuration running supported devices for Amazon VPC.
Reference: https://aws.amazon.com/premiumsupport/features/

QUESTION 671
In Amazon EC2, how many Elastic IP addresses can you have by default?

QUESTION 672
After deciding that EMR will be useful in analysing vast amounts of data for a gaming website that you are architecting, you have just deployed an Amazon EMR Cluster and wish to monitor the cluster performance. Which of the following tools cannot be used to monitor the cluster performance?

A. Kinesis
B. Ganglia
C. CloudWatch Metrics
D. Hadoop Web Interfaces

Answer: A
Explanation: Amazon EMR provides several tools to monitor the performance of your cluster.

Hadoop Web Interfaces
Every cluster publishes a set of web interfaces on the master node that contain information about the cluster. You can access these web pages by using an SSH tunnel to connect to them on the master node. For more information, see View Web Interfaces Hosted on Amazon EMR Clusters.

CloudWatch Metrics
Every cluster reports metrics to CloudWatch. CloudWatch is a web service that tracks metrics, and which you can use to set alarms on those metrics. For more information, see Monitor Metrics with CloudWatch.

Ganglia
Ganglia is a cluster monitoring tool. To have this available, you have to install Ganglia on the cluster when you launch it. After you’ve done so, you can monitor the cluster as it runs by using an SSH tunnel to connect to the Ganglia UI running on the master node. For more information, see Monitor Performance with Ganglia.

Reference: http://docs.aws.amazon.com/ElasticMapReduce/latest/DeveloperGuide/emr-troubleshoot-tools.html

QUESTION 673
A user has launched one EC2 instance in the US West region. The user wants to access the RDS instance launched in the US East region from that EC2 instance. How can the user configure the access for that EC2 instance?

A. Configure the IP range of the US West region instance as the ingress security rule of RDS
B. It is not possible to access RDS of the US East region from the US West region
C. Open the security group of the US West region in the RDS security group’s ingress rule
D. Create an IAM role which has access to RDS and launch an instance in the US West region with it

QUESTION 674
You need to create a load balancer in a VPC network that you are building. You can make your load balancer internal (private) or internet-facing (public). When you make your load balancer internal, a DNS name will be created, and it will contain the private IP address of the load balancer. An internal load balancer is not exposed to the internet. When you make your load balancer internet-facing, a DNS name will be created with the public IP address. If you want the Internet-facing load balancer to be connected to the Internet, where must this load balancer reside?

A. The load balancer must reside in a subnet that is connected to the internet using the internet gateway.
B. The load balancer must reside in a subnet that is not connected to the internet.
C. The load balancer must not reside in a subnet that is connected to the internet.
D. The load balancer must be completely outside of your VPC.

Answer: A
Explanation: When you create an internal Elastic Load Balancer in a VPC, you need to select private subnets that are in the same Availability Zone as your instances. If the VPC Elastic Load Balancer is to be public facing, you need to create the Elastic Load Balancer in a public subnet. A subnet is a public subnet if it is attached to an Internet Gateway (IGW) with a defined route to that gateway. Selecting more than one public subnet increases the availability of your Elastic Load Balancer. NB: Elastic Load Balancers in EC2-Classic are always Internet-facing load balancers.
Reference: http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/elb-internet-facing-load-balancers.html

QUESTION 675
Can you move a Reserved Instance from one Availability Zone to another?

A. Yes, but each Reserved Instance is associated with a specific Region that cannot be changed.
B. Yes, only in US-West-2.
C. Yes, only in US-East-1.
D. No

Answer: A
Explanation: Each Reserved Instance is associated with a specific Region, which is fixed for the lifetime of the reservation and cannot be changed. Each reservation can, however, be used in any of the available AZs within the associated Region.
Reference: https://aws.amazon.com/rds/faqs/
